[Asia Economy Reporter Lee Jung-yoon] Hana Tour, a travel agency that leaked customer information due to negligence in management, and the personal information manager were each sentenced to a fine of 10 million won.
On the 6th, Judge Park Jun-min of the Seoul Eastern District Court Criminal Division 4 sentenced Kim (48), head of Hana Tour, who was indicted on charges of violating the Information and Communications Network Act for causing the leakage of about 460,000 customer information records and personal information of about 30,000 employees, and Hana Tour itself, to a fine of 10 million won each.
Judge Park stated, "Considering the evidence submitted by the prosecution, the defendants' guilt is recognized," and added, "Although there were many legal disputes through the defense attorney, the court reviewed and found no grounds to accept those claims." He further explained the sentencing by saying, "The sentence was determined by taking into account the scale and circumstances of the leaked personal information."
Hana Tour was attacked by hackers in September 2017. The hackers infiltrated personal laptops and security network PCs used by employees of an outsourced management company to access the database (DB). The investigation revealed that administrator IDs and passwords were stored without encryption. Additionally, Hana Tour was found not to have implemented additional security measures such as one-time password generators (OTP) when accessing the personal information processing system from outside. Accordingly, the prosecution indicted Hana Tour in June of last year on charges of failing to properly fulfill the obligation to protect customers' personal information.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
